System Entry Path Concept
Unblu by default uses a set of entry paths (http request path prefix) as a high level distinction for different kinds of requests. In typical on premise installation these path prefixes are used as a high level segregation for requests coming from different origins (public internet, intranet or from administrators / other systems). Based on these path prefixes, unblu grants different privileges while executing requests.
In typical installations unblu is operated behind a reverse proxy that guarantees requests are restricted according to path prefix and origin of the request.
2. Public (untrusted) "/unblu" entry path
The "/unblu" path prefix is the part of the unblu server that visitors need to have access to. Typically "/unblu" is mapped in a reverse proxy in a way that it can be accessed from within the application that is going to be co-browsed.
3. Restricted (trusted) "/co-unblu" entry path
The "/co-unblu/" path prefix is the part of the unblu server that MUST only be accessible to authenticated users (agents).
4. System "/sys-unblu" entry path
The "/sys-unblu/" path prefix is the part of the unblu server that MUST only be accessible for other systems (i.e. the unblu filter) or administrators.
5. Security considerations
The "/sys-unblu/" path prefix needs to be protected in a way that only administrators or other systems have access.